<?php

// Start or resume the session before any output is produced; the login check
// further down reads $_SESSION["username"] and the update uses $_SESSION['userid'].
// NOTE(review): no session cookie parameters are set in this script - confirm that
// HttpOnly/Secure cookie flags are configured elsewhere (php.ini or an include).
session_start();

/**
 * @author Sabine Müller
 * @copyright 2012
 */


include 'nav.inc.php';
include 'dbConn.php';

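html_head('Administration - Passwort &auml;ndern');

// Password change page for the logged-in user.
//
// Flow: a plain request renders the form; the form posts back to this script with
// next_page=1, which validates the two password fields and updates the row of
// std_mitarbeiter identified by $_SESSION['userid'].
//
// NOTE(review): the current password is not requested before the change, so anyone
// holding a live session can replace it - consider asking for the old password.
// NOTE(review): ext/mysql (mysql_query etc.) was removed in PHP 7.0; moving to
// mysqli/PDO prepared statements needs the connection code in dbConn.php changed too.

if (!isset($_SESSION["username"])) {
	// Not logged in: show the login hint, close the container, then stop.
	// (The closing tag used to sit after exit and was never sent.)
	echo("<div class='content' style='margin-left:350px'>");
	echo("Bitte erst <a href='login.php'>einloggen</a>.");
	echo("</div>");
	exit;
}

menu();
echo("<div class='content' style='margin-left:350px'>");

// Only a POST may trigger the change; anything else renders the form.
$next_page = (isset($_POST['next_page']) && $_POST['next_page'] === '1') ? '1' : '0';

echo("<form name='main' action='" . htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES) . "' method='post'>\n");

if ($next_page === '0') {
	// Per-session anti-CSRF token: without it, nothing in this script verifies
	// that the POST was sent from this form rather than from a foreign page.
	if (empty($_SESSION['pwchange_token'])) {
		$tokenBytes = function_exists('random_bytes')
			? random_bytes(32)
			: openssl_random_pseudo_bytes(32);
		$_SESSION['pwchange_token'] = bin2hex($tokenBytes);
	}

	echo("Neues Passwort:<br>");
	echo("<input type='password' size='24' maxlength='50' name='passwort'><br>");

	echo("Passwort wiederholen:<br>");
	echo("<input type='password' size='24' maxlength='50' name='passwort2'><br>");

	echo("<input type='submit' value='Passwort &auml;ndern'>");
	echo("<input type='hidden' name='next_page' value='1' />\n");
	echo("<input type='hidden' name='token' value='" . $_SESSION['pwchange_token'] . "' />\n");
} else {
	$username = $_SESSION["username"];
	$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : '';

	// Accept plain strings only; array-valued fields (passwort[]=x) would
	// otherwise reach md5() and the comparison below.
	$passwort = (isset($_POST["passwort"]) && is_string($_POST["passwort"])) ? $_POST["passwort"] : '';
	$passwort2 = (isset($_POST["passwort2"]) && is_string($_POST["passwort2"])) ? $_POST["passwort2"] : '';
	$sentToken = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';
	$expectedToken = isset($_SESSION['pwchange_token']) ? $_SESSION['pwchange_token'] : '';

	// Constant-time comparison where available (hash_equals exists from PHP 5.6).
	$tokenOk = $expectedToken !== '' && (
		function_exists('hash_equals')
			? hash_equals($expectedToken, $sentToken)
			: $expectedToken === $sentToken
	);
	if (!$tokenOk) {
		echo "Ung&uuml;ltige oder abgelaufene Anfrage. Bitte das Formular erneut absenden.";
		exit;
	}

	// Strict comparison: with != two different numeric-looking strings
	// (e.g. "1e3" and "1000") compare as equal and the mismatch goes unnoticed.
	if ($passwort !== $passwort2 || $username == "" || $passwort === "") {
		// NOTE(review): the back link points at register.php - confirm that is intended.
		echo "Eingabefehler. Bitte alle Felder korekt ausfüllen. <a href=\"register.php\">Zurück</a>";
		exit;
	}

	// NOTE(review): unsalted MD5 is fast to brute-force and unsuitable for password
	// storage. It is kept here because the login code that verifies the hash is not
	// part of this file; migrate both sides together to password_hash()/password_verify()
	// (and widen the password column if needed).
	$passwort = md5($passwort);

	// Escape the id instead of concatenating the raw session value into SQL.
	// Presumably dbConn.php has opened the connection that mysql_real_escape_string() needs.
	$safeId = mysql_real_escape_string((string) $userid);

	$result = mysql_query("SELECT m_id FROM std_mitarbeiter WHERE m_id='" . $safeId . "'");
	if ($result === false) {
		// Keep database details in the server log, not in the page.
		error_log("Select user for password change: " . mysql_error());
		echo "Fehler beim Speichern des Passworts.";
	} elseif (mysql_num_rows($result) != 0) {
		$query = " UPDATE std_mitarbeiter SET password='" . $passwort . "' WHERE m_id='" . $safeId . "'";
		if (mysql_query($query)) {
			// One-time token: a replayed POST must not be accepted again.
			unset($_SESSION['pwchange_token']);
			// The name is escaped before it is written into the page.
			echo "Das Passwort f&uuml;r <b>" . htmlspecialchars($username, ENT_QUOTES) . "</b> wurde ge&auml;ndert.";
		} else {
			error_log("Update Password: " . mysql_error());
			echo "Fehler beim Speichern des Passworts.";
		}
	} else {
		// Should never happen: the session names a user id that has no row.
		echo "Benutzer nicht gefunden.";
	}
}

echo("</form>");
echo("</div>");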
?>
